|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [PROPOSAL] Cluster RECENT-79 - 45 candidates
I am proposing cluster RECENT-79 for review and voting by the Editorial Board. Name: RECENT-79 Description: Candidates announced between 12/2/2001 and 1/25/2002 Size: 45 You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site. The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real. If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned. - Steve Summary of votes to use (in ascending order of "severity") ---------------------------------------------------------- ACCEPT - voter accepts the candidate as proposed NOOP - voter has no opinion on the candidate MODIFY - voter wants to change some MINOR detail (e.g. reference/description) REVIEWING - voter is reviewing/researching the candidate, or needs more info RECAST - candidate must be significantly modified, e.g. split or merged REJECT - candidate is "not a vulnerability", or a duplicate, etc. 1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line. 2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping. 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ====================================================== Candidate: CAN-2001-0726 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0726 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20010927 Category: SF Reference: MS:MS01-057 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-057.asp Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used with Internet Explorer, does not properly detect certain inline script, which can allow remote attackers to perform arbitrary actions on a user's Exchange mailbox via an HTML e-mail message. Analysis ---------------- ED_PRI CAN-2001-0726 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0727 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0727 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20010927 Category: SF Reference: BUGTRAQ:20011214 MSIE may download and run progams automatically Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100835204509262&w=2 Reference: BUGTRAQ:20011216 Re: MSIE may download and run progams automatically - NOT SO FAST Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100861273114437&w=2 Reference: MS:MS01-058 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-058.asp Reference: CERT:CA-2001-36 Reference: URL:http://www.cert.org/advisories/CA-2001-36.html Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability." Analysis ---------------- ED_PRI CAN-2001-0727 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0797 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0797 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20011024 Category: SF Reference: ISS:20011212 Buffer Overflow in /bin/login Reference: URL:http://xforce.iss.net/alerts/advise105.php Reference: BUGTRAQ:20011219 Linux distributions and /bin/login overflow Reference: URL:http://www.securityfocus.com/archive/1/246487 Reference: CERT:CA-2001-34 Reference: URL:http://www.cert.org/advisories/CA-2001-34.html Reference: CERT-VN:VU#569272 Reference: URL:http://www.kb.cert.org/vuls/id/569272 Reference: CALDERA:CSSA-2001-SCO.40 Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.40/CSSA-2001-SCO.40.txt Reference: SUN:00213 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/213 Reference: AIXAPAR:IY26221 Reference: SGI:20011201-01-I Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011201-01-I Reference: XF:telnet-tab-bo(7284) Reference: URL:http://xforce.iss.net/static/7284.php Reference: BID:3681 Reference: URL:http://www.securityfocus.com/bid/3681 Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin. Analysis ---------------- ED_PRI CAN-2001-0797 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0872 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0872 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20011203 Category: SF Reference: BUGTRAQ:20011204 [Fwd: OpenSSH 3.0.2 fixes UseLogin vulnerability] Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100749779131514&w=2 Reference: CONFIRM:http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=100747128105913&w=2 Reference: REDHAT:RHSA-2001:161 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-161.html Reference: SUSE:SuSE-SA:2001:045 Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Dec/0001.html Reference: XF:openssh-uselogin-execute-code(7647) Reference: URL:http://xforce.iss.net/static/7647.php OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges. Analysis ---------------- ED_PRI CAN-2001-0872 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0874 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0874 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20011211 Category: SF Reference: MS:MS01-058 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-058.asp Reference: XF:ie-frame-verification-variant2(7702) Reference: URL:http://xforce.iss.net/static/7702.php Reference: BID:3693 Reference: URL:http://www.securityfocus.com/bid/3693 Internet Explorer 5.5 and 6.0 allow remote attackers to read certain files via HTML that passes information from a frame in the client's domain to a frame in the web site's domain, a variant of the "Frame Domain Verification" vulnerability. Analysis ---------------- ED_PRI CAN-2001-0874 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0875 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0875 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20011211 Category: SF Reference: BUGTRAQ:20011126 File extensions spoofable in MSIE download dialog Reference: URL:http://www.securityfocus.com/archive/1/245594 Reference: MS:MS01-058 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-058.asp Reference: XF:ie-file-download-ext-spoof(7636) Reference: URL:http://xforce.iss.net/static/7636.php Reference: BID:3597 Reference: URL:http://www.securityfocus.com/bid/3597 Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download. Analysis ---------------- ED_PRI CAN-2001-0875 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0876 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0876 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20011211 Category: SF Reference: BUGTRAQ:20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100887440810532&w=2 Reference: NTBUGTRAQ:20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=100887271006313&w=2 Reference: MS:MS01-059 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-059.asp Reference: CERT:CA-2001-37 Reference: URL:http://www.cert.org/advisories/CA-2001-37.html Reference: CERT-VN:VU#951555 Reference: URL:http://www.kb.cert.org/vuls/id/951555 Reference: XF:win-upnp-notify-bo(7721) Reference: URL:http://xforce.iss.net/static/7721.php Reference: BID:3723 Reference: URL:http://www.securityfocus.com/bid/3723 Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98E, ME, and XP allows remote attackers to execute arbitrary code via a NOTIFY directive with a long Location URL. Analysis ---------------- ED_PRI CAN-2001-0876 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0877 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0877 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20011211 Category: SF Reference: BUGTRAQ:20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100887440810532&w=2 Reference: NTBUGTRAQ:20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=100887271006313&w=2 Reference: BUGTRAQ:20020109 UPNP Denial of Service Reference: URL:http://www.securityfocus.com/archive/1/249238 Reference: MS:MS01-059 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-059.asp Reference: CERT:CA-2001-37 Reference: URL:http://www.cert.org/advisories/CA-2001-37.html Reference: CERT-VN:VU#411059 Reference: URL:http://www.kb.cert.org/vuls/id/411059 Reference: XF:win-upnp-udp-dos(7722) Reference: URL:http://xforce.iss.net/static/7722.php Universal Plug and Play (UPnP) on Windows 98, 98E, ME, and XP allows remote attackers to cause a denial of service via (1) a spoofed SSDP advertisement that causes the client to connect to a service on another machine that generates a large amount of traffic (e.g., chargen), or (2) via a spoofed SSDP announcement to broadcast or multicast addresses, which could cause all UPnP clients to send traffic to a single target system. Analysis ---------------- ED_PRI CAN-2001-0877 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0879 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0879 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20011211 Category: SF Reference: ATSTAKE:A122001-1 Reference: URL:http://www.atstake.com/research/advisories/2001/a122001-1.txt Reference: BUGTRAQ:20011221 @stake advisory: Multiple overflow and format string vulnerabilities in in Microsoft SQL Server Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100891252317406&w=2 Reference: MS:MS01-060 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-060.asp Reference: XF:mssql-c-runtime-format-string(7725) Reference: URL:http://xforce.iss.net/static/7725.php Reference: BID:3732 Reference: URL:http://www.securityfocus.com/bid/3732 Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service. Analysis ---------------- ED_PRI CAN-2001-0879 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0886 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0886 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20011214 Category: SF Reference: MISC:http://sources.redhat.com/ml/bug-glibc/2001-11/msg00109.html Reference: BUGTRAQ:20011217 [Global InterSec 2001121001] glibc globbing issues. Reference: URL:http://www.securityfocus.com/archive/1/245956 Reference: REDHAT:RHSA-2001-160 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-160.html Reference: MANDRAKE:MDKSA-2001:095 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-095.php3 Reference: ENGARDE:ESA-20011217-01 Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1752.html Reference: XF:glibc-glob-bo(7705) Reference: URL:http://xforce.iss.net/static/7705.php Reference: BID:3707 Reference: URL:http://www.securityfocus.com/bid/3707 Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character. Analysis ---------------- ED_PRI CAN-2001-0886 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0887 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0887 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20011219 Category: SF Reference: FREEBSD:FreeBSD-SA-01:68 Reference: URL:http://www.securityfocus.com/advisories/3734 Reference: BID:3700 Reference: URL:http://www.securityfocus.com/bid/3700 Reference: XF:xsane-temp-symlink(7714) Reference: URL:http://xforce.iss.net/static/7714.php xSANE 0.81 and earlier allows local users to modify files of other xSANE users via a symlink attack on temporary files. Analysis ---------------- ED_PRI CAN-2001-0887 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0889 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0889 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20011221 Category: SF Reference: BUGTRAQ:20011219 [ph10@cus.cam.ac.uk: [Exim] Potential security problem] Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100877978506387&w=2 Reference: REDHAT:RHSA-2001:176 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-176.html Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell metacharacters. Analysis ---------------- ED_PRI CAN-2001-0889 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0001 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0001 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020101 Category: SF Reference: BUGTRAQ:20020101 [Announce] SECURITY: mutt-1.2.5.1 and mutt-1.3.25 released. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100994648918287&w=2 Reference: CONFIRM:http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html Reference: DEBIAN:DSA-096 Reference: URL:http://www.debian.org/security/2002/dsa-096 Reference: REDHAT:RHSA-2002:003 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-003.html Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list. Analysis ---------------- ED_PRI CAN-2002-0001 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0002 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0002 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020102 Category: SF Reference: MISC:http://marc.theaimsgroup.com/?l=stunnel-users&m=100869449828705&w=2 Reference: CONFIRM:http://stunnel.mirt.net/news.html Reference: REDHAT:RHSA-2002:002 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-002.html Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code. Analysis ---------------- ED_PRI CAN-2002-0002 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0003 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0003 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020102 Category: SF Reference: REDHAT:RHSA-2002:004 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-004.html Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing system. Analysis ---------------- ED_PRI CAN-2002-0003 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0004 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0004 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020102 Category: SF Reference: BUGTRAQ:20020117 '/usr/bin/at 31337 + vuln' problem + exploit Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101128661602088&w=2 Reference: DEBIAN:DSA-102 Reference: URL:http://www.debian.org/security/2002/dsa-102 Reference: SUSE:SuSE-SA:2002:003 Reference: URL:http://www.suse.de/de/support/security/2002_003_at_txt.txt Reference: MANDRAKE:MDKSA-2002:007 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101147632721031&w=2 Reference: REDHAT:RHSA-2002:015 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-015.html Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice. Analysis ---------------- ED_PRI CAN-2002-0004 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0028 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0028 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020116 Category: SF Reference: BUGTRAQ:20020106 ICQ remote buffer overflow vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101043894627851&w=2 Reference: VULN-DEV:20020107 ICQ remote buffer overflow vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101043076806401&w=2 Reference: CERT:CA-2002-02 Reference: URL:http://www.cert.org/advisories/CA-2002-02.html Reference: CERT-VN:VU#570167 Reference: URL:http://www.kb.cert.org/vuls/id/570167 Reference: BID:3813 Reference: URL:http://www.securityfocus.com/bid/3813 Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows remote attackers to execute arbitrary code via a Voice Video & Games request. Analysis ---------------- ED_PRI CAN-2002-0028 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0038 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0038 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020116 Category: SF Reference: SGI:20020102-01-I Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020102-01-I Reference: SGI:20020102-02-I Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020102-02-I Reference: SGI:20020102-03-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020102-03-P Vulnerability in the cache-limiting function of the unified name service daemon (nsd) in IRIX 6.5.4 through 6.5.11 allows remote attackers to cause a denial of service by forcing the cache to fill the disk. Analysis ---------------- ED_PRI CAN-2002-0038 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0043 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0043 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020122 Category: SF Reference: BUGTRAQ:20020114 Sudo version 1.6.4 now available (fwd) Reference: URL:http://www.securityfocus.com/archive/1/250168 Reference: REDHAT:RHSA-2002-013 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-013.html Reference: REDHAT:RHSA-2002-011 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-011.html Reference: CONECTIVA:CLA-2002:451 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000451 Reference: ENGARDE:ESA-20020114-001 Reference: SUSE:SuSE-SA:2002:002 Reference: URL:http://www.suse.de/de/support/security/2002_002_sudo_txt.txt Reference: BUGTRAQ:20020116 Sudo +Postfix Exploit Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101120193627756&w=2 Reference: MISC:http://www.sudo.ws/sudo/alerts/postfix.html Reference: XF:sudo-unclean-env-root(7891) Reference: URL:http://xforce.iss.net/static/7891.php Reference: BID:3871 Reference: URL:http://www.securityfocus.com/bid/3871 sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked. Analysis ---------------- ED_PRI CAN-2002-0043 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0044 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0044 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020122 Category: SF Reference: REDHAT:RHSA-2002-012 Reference: URL:https://www.redhat.com/support/errata/RHSA-2002-012.html Reference: HP:HPSBTL0201-019 Reference: URL:http://www.securityfocus.com/advisories/3818 Reference: MANDRAKE:MDKSA-2002:010 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-010.php3 Reference: DEBIAN:DSA-105 Reference: URL:http://www.debian.org/security/2002/dsa-105 Reference: XF:gnu-enscript-tmpfile-symlink(7932) Reference: URL:http://xforce.iss.net/static/7932.php Reference: BID:3920 Reference: URL:http://www.securityfocus.com/bid/3920 GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files. Analysis ---------------- ED_PRI CAN-2002-0044 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0046 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0046 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020122 Category: SF Reference: BUGTRAQ:20020120 remote memory reading through tcp/icmp Reference: URL:http://www.securityfocus.com/archive/1/251418 Reference: REDHAT:RHSA-2002-007 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-007.html Linux kernel, and possibly other operating systems, allows remote attackers to read portions of memory via a series of fragmented ICMP packets that generate an ICMP TTL Exceeded response, which includes portions of the memory in the response packet. Analysis ---------------- ED_PRI CAN-2002-0046 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0047 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0047 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020122 Category: SF Reference: DEBIAN:DSA-104 Reference: URL:http://www.debian.org/security/2002/dsa-104 Reference: REDHAT:RHSA-2002:007 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-007.html Reference: XF:cipe-packet-handling-dos(7883) Reference: URL:http://xforce.iss.net/static/7883.php CIPE VPN package before 1.3.0-3 allows remote attackers to cause a denial of service (crash) via a short malformed packet. Analysis ---------------- ED_PRI CAN-2002-0047 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0048 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0048 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020124 Category: SF Reference: SUSE:SuSE-SA:2002:004 Reference: URL:http://lists.suse.com/archives/suse-security-announce/2002-Jan/0003.html Reference: DEBIAN:DSA-106 Reference: URL:http://www.debian.org/security/2002/dsa-106 Reference: MANDRAKE:MDKSA-2002:009 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-009.php Reference: REDHAT:RHSA-2002:018 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-018.html Reference: BUGTRAQ:20020128 TSLSA-2002-0025 - rsync Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101223214906963&w=2 Reference: BUGTRAQ:20020127 rsync-2.5.2 has security fix (was: Re: [RHSA-2002:018-05] New rsync packages available) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101223603321315&w=2 Reference: CONECTIVA:CLA-2002:458 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000458 Reference: ENGARDE:ESA-20020125-004 Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1853.html Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsync client or server. Analysis ---------------- ED_PRI CAN-2002-0048 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0946 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0946 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20011204 Symlink attack with apmd of RH 7.2 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100743394701962&w=2 Reference: MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=56389 apmscript in Apmd in Red Hat 7.2 "Enigma" allows local users to create or change the modification dates of arbitrary files via a symlink attack on the LOW_POWER temporary file, which could be used to cause a denial of service, e.g. by creating /etc/nologin and disabling logins. Analysis ---------------- ED_PRI CAN-2001-0946 2 Vendor Acknowledgement: yes changelog Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0954 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0954 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20011207 Lotus Domino Web server vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100780146532131&w=2L:1 Reference: CONFIRM:http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=255CC03D83CFF50C85256B1E005E349B Reference: XF:lotus-domino-database-dos(7684) Reference: URL:http://xforce.iss.net/static/7684.php Reference: BID:3656 Reference: URL:http://www.securityfocus.com/bid/3656 Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows remote attackers to cause a denial of service (block access to databases that have not been previously accessed) via a URL that includes the . (dot) directory. Analysis ---------------- ED_PRI CAN-2001-0954 2 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0955 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0955 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: VULN-DEV:20010922 XFree86 DOS / Buffer overflow local and remote. Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=100118958310463&w=2 Reference: BUGTRAQ:20011207 Crashing X Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100776624224549&w=2 Reference: BUGTRAQ:20011208 Re: Crashing X Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100784290015880&w=2 Reference: CONFIRM:http://www.xfree86.org/4.2.0/RELNOTES2.html#2 Reference: CONFIRM:http://www.xfree86.org/security/ Reference: MISC:http://cvsweb.xfree86.org/cvsweb/xc/programs/Xserver/fb/fbglyph.c Reference: BID:3663 Reference: URL:http://www.securityfocus.com/bid/3663 Reference: BID:3657 Reference: URL:http://www.securityfocus.com/bid/3657 Reference: XF:xfree86-konqueror-bo(7673) Reference: URL:http://xforce.iss.net/static/7673.php Reference: XF:xfree86-xterm-title-bo(7683) Reference: URL:http://xforce.iss.net/static/7683.php Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title. Analysis ---------------- ED_PRI CAN-2001-0955 2 Vendor Acknowledgement: yes ABSTRACTION: It is possible that the Konqueror and xterm bugs have different issues, both of which may or may not be due to the same problem in XFree86. However, both of the reports involve X clients that crash the server - which shouldn't be doable by a client - so that suggests a common problem that is "exploitable" through different means. Various Bugtraq discussions seem to eventually agree that it is something in XFree86. However, the XFree86 security reports do not provide sufficient details to be certain that it is the same underlying problem. ACKNOWLEDGEMENT: Some posts on Bugtraq imply that there are patches in the fbglyph.c file. The XFree86 security page has the following comment for version 4.2.0: "Fix a buffer overflow in glyph clipping for large origin" which could be the same as the issue being discussed here. Section 2.3 in the release notes for 4.2.0 says "A security problem related to glyph clipping for large origins is fixed." However, the patch was applied on September 16th - a week before the problem was initially posted to VULN-DEV. While the vendor's descriptions of the problems do not cleanly match the exploit scenarios described in the mailing lists - which affects the certainty of this candidate's description - there seems to be enough evidence that XFree86 was aware of and fixed this problem. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0005 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0005 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020107 Category: SF Reference: BUGTRAQ:20020102 w00w00 on AOL Instant Messenger (serious vulnerability) Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=100998295512885&w=2 Reference: BUGTRAQ:20020102 AIM addendum Reference: URL:http://www.securityfocus.com/archive/1/247944 Reference: NTBUGTRAQ:20020102 w00w00 on AOL Instant Messenger (serious vulnerability) Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0201&L=ntbugtraq&F=P&S=&P=72 Reference: NTBUGTRAQ:20020102 AIM addendum Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0201&L=ntbugtraq&F=P&S=&P=198 Reference: BID:3769 Reference: URL:http://www.securityfocus.com/bid/3769 Reference: XF:aim-game-overflow(7743) Reference: URL:http://xforce.iss.net/static/7743.php Buffer overflow in AOL Instant Messenger (AIM) 4.7.2480, 4.8.2616, and other versions allows remote attackers to execute arbitrary code via a long argument in a game request (AddGame). Analysis ---------------- ED_PRI CAN-2002-0005 2 Vendor Acknowledgement: yes Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0007 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0007 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020109 Category: SF Reference: BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html Reference: CONFIRM:http://www.bugzilla.org/security2_14_1.html Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=54901 CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server. Analysis ---------------- ED_PRI CAN-2002-0007 2 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0008 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0008 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020109 Category: SF Reference: BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html Reference: CONFIRM:http://www.bugzilla.org/security2_14_1.html Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=108385 Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=108516 Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user comment via an HTTP request process_bug.cgi using the "who" parameter, instead of the Bugzilla_login cookie, or (2) post a bug as another user by modifying the reporter parameter to enter_bug.cgi, which is passed to post_bug.cgi. Analysis ---------------- ED_PRI CAN-2002-0008 2 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0009 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0009 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020109 Category: SF Reference: BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html Reference: CONFIRM:http://www.bugzilla.org/security2_14_1.html Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=102141 show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs Access" privileges to see other products that are not accessible to the user, by submitting a bug and reading the resulting Product pulldown menu. Analysis ---------------- ED_PRI CAN-2002-0009 2 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0010 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0010 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020109 Category: SF Reference: BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html Reference: BUGTRAQ:20020106 Inproper input validation in Bugzilla <=2.14 - exploit Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0052.html Reference: CONFIRM:http://www.bugzilla.org/security2_14_1.html Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=108812 Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=108822 Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=108821 Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=109690 Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=109679 Reference: MISC:http://www.bugzilla.org/bugzilla2.14to2.14.1.patch Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL code and create files or gain privileges via (1) the sql parameter in buglist.cgi, (2) invalid field names from the "boolean chart" query in buglist.cgi, (3) the mybugslink parameter in userprefs.cgi, (4) a malformed bug ID in the buglist parameter in long_list.cgi, and (5) the value parameter in editusers.cgi, which allows groupset privileges to be modified by attackers with blessgroupset privileges. Analysis ---------------- ED_PRI CAN-2002-0010 2 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0011 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0011 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020109 Category: SF Reference: BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html Reference: CONFIRM:http://www.bugzilla.org/security2_14_1.html Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=98146 Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may allow remote attackers to more easily conduct attacks on the login. Analysis ---------------- ED_PRI CAN-2002-0011 2 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0045 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0045 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020122 Category: SF/CF/MP/SA/AN/unknown Reference: CONFIRM:http://www.openldap.org/lists/openldap-announce/200201/msg00002.html slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous users before 2.0.8, to conduct a "replace" action on access controls without any values, which causes OpenLDAP to delete non-mandatory attributes which would otherwise be protected by ACLs. Analysis ---------------- ED_PRI CAN-2002-0045 2 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0542 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0542 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20010710 Category: SF Reference: ATSTAKE:A122001-1 Reference: URL:http://www.atstake.com/research/advisories/2001/a122001-1.txt Reference: BUGTRAQ:20011221 @stake advisory: Multiple overflow and format string vulnerabilities in in Microsoft SQL Server Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100891252317406&w=2 Reference: MS:MS01-060 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-060.asp Reference: XF:mssql-text-message-bo(7724) Reference: URL:http://xforce.iss.net/static/7724.php Reference: BID:3733 Reference: URL:http://www.securityfocus.com/bid/3733 Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CAN-2001-0879. Analysis ---------------- ED_PRI CAN-2001-0542 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0551 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0551 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20010718 Category: SF Reference: CERT-VN:VU#860296 Reference: URL:http://www.kb.cert.org/vuls/id/860296 Reference: AIXAPAR:IY21539 Reference: AIXAPAR:IY20917 Reference: HP:HPSBUX0105-151 Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q2/0044.html Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users to execute arbitrary code by copying text from the clipboard into the Help window. Analysis ---------------- ED_PRI CAN-2001-0551 3 Vendor Acknowledgement: yes Content Decisions: SF-CODEBASE, SF-LOC ABSTRACTION: HP says that they have fixed this problem in HP advisory HPSBUX0105-151, which is CAN-2001-0772. CAN-2001-0772 is a vague advisory that covers more overflows and other types of problems. So, there is some overlap between these two candidates. It is not certain how to resolve this overlap. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0888 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0888 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20011219 Category: SF Reference: BUGTRAQ:20011221 VIGILANTe advisory 2001003 : Atmel SNMP Non Public Community String DoS Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100895903202798&w=2 Reference: XF:atmel-snmp-community-dos(7734) Reference: URL:http://xforce.iss.net/static/7734.php Reference: BID:3734 Reference: URL:http://www.securityfocus.com/bid/3734 Atmel Firmware 1.3 Wireless Access Point (WAP) allows remote attackers to cause a denial of service via a SNMP request with (1) a community string other than "public" or (2) an unknown OID, which causes the WAP to deny subsequent SNMP requests. Analysis ---------------- ED_PRI CAN-2001-0888 3 Vendor Acknowledgement: yes advisory/yes followup/yes changelog/yes/unknown discloser-claimed/unknown vague/unknown/no disputed/no Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0944 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0944 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20011202 mIRC bug? Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100734173831990&w=2 DDE in mIRC allows local users to launch applications under another user's account via a DDE message that executes a command, which may be executed by the other user's process. Analysis ---------------- ED_PRI CAN-2001-0944 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0945 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0945 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20011203 Buffer over flow on Outlook express for Macintosh Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100741295502017&w=2 Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-mail message that contains a long line. Analysis ---------------- ED_PRI CAN-2001-0945 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0947 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0947 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20011204 NMRC Advisory - Multiple Valicert Problems Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100749428517090&w=2 Reference: CONFIRM:http://www.valicert.com/support/security_advisory_eva.html Reference: XF:eva-forms-reveal-path(7649) Reference: URL:http://xforce.iss.net/static/7649.php Reference: BID:3615 Reference: URL:http://www.securityfocus.com/bid/3615 Forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to determine the real pathname of the server by requesting an invalid extension, which produces an error page that includes the path. Analysis ---------------- ED_PRI CAN-2001-0947 3 Vendor Acknowledgement: yes advisory Content Decisions: DESIGN-REAL-PATH, SF-LOC ABSTRACTION: CD:SF-LOC suggests splitting between problems of different types, so the Valicert overflows, CSS, path disclosure, and other types of problems are separated. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0948 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0948 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20011204 NMRC Advisory - Multiple Valicert Problems Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100749428517090&w=2 Reference: CONFIRM:http://www.valicert.com/support/security_advisory_eva.html Reference: XF:eva-admin-script-injection(7650) Reference: URL:http://xforce.iss.net/static/7650.php Reference: BID:3619 Reference: URL:http://www.securityfocus.com/bid/3619 Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificate's description, which is executed when the certificate is viewed. Analysis ---------------- ED_PRI CAN-2001-0948 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC ABSTRACTION: CD:SF-LOC suggests splitting between problems of different types, so the Valicert overflows, CSS, path disclosure, and other types of problems are separated. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0949 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0949 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20011204 NMRC Advisory - Multiple Valicert Problems Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100749428517090&w=2 Reference: CONFIRM:http://www.valicert.com/support/security_advisory_eva.html Reference: XF:eva-forms-bo(7652) Reference: URL:http://xforce.iss.net/static/7652.php Reference: BID:3621 Reference: URL:http://www.securityfocus.com/bid/3621 Reference: BID:3622 Reference: URL:http://www.securityfocus.com/bid/3622 Reference: BID:3624 Reference: URL:http://www.securityfocus.com/bid/3624 Reference: BID:3625 Reference: URL:http://www.securityfocus.com/bid/3625 Reference: BID:3627 Reference: URL:http://www.securityfocus.com/bid/3627 Reference: BID:3628 Reference: URL:http://www.securityfocus.com/bid/3628 Reference: BID:3629 Reference: URL:http://www.securityfocus.com/bid/3629 Reference: BID:3630 Reference: URL:http://www.securityfocus.com/bid/3630 Reference: BID:3631 Reference: URL:http://www.securityfocus.com/bid/3631 Reference: BID:3632 Reference: URL:http://www.securityfocus.com/bid/3632 Reference: BID:3633 Reference: URL:http://www.securityfocus.com/bid/3633 Reference: BID:3634 Reference: URL:http://www.securityfocus.com/bid/3634 Reference: BID:3635 Reference: URL:http://www.securityfocus.com/bid/3635 Reference: BID:3636 Reference: URL:http://www.securityfocus.com/bid/3636 Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length. Analysis ---------------- ED_PRI CAN-2001-0949 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC ABSTRACTION: CF:SF-LOC suggests combining problems of the same type in the same version, so all buffer overflows are included in this item. This is a good example of CVE's "content decisions" at work - XF chose one level of abstraction and BID chose another. CD:SF-LOC also suggests splitting between problems of different types, so the Valicert overflows, path disclosure, and other types of problems are separated. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0950 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0950 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20011204 NMRC Advisory - Multiple Valicert Problems Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100749428517090&w=2 Reference: CONFIRM:http://www.valicert.com/support/security_advisory_eva.html Reference: XF:eva-insecure-key-generation(7653) Reference: URL:http://xforce.iss.net/static/7653.php Reference: XF:eva-insecure-key-storage(7651) Reference: URL:http://xforce.iss.net/static/7651.php Reference: BID:3618 Reference: URL:http://www.securityfocus.com/bid/3618 Reference: BID:3620 Reference: URL:http://www.securityfocus.com/bid/3620 ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses insufficiently random data to (1) generate session tokens for HSMs using the C rand function, or (2) generate certificates or keys using /dev/urandom instead of another source which blocks when the entropy pool is low, which could make it easier for local or remote attackers to steal tokens or certificates via brute force guessing. Analysis ---------------- ED_PRI CAN-2001-0950 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC ABSTRACTION: CD:SF-LOC suggests merging problems of the same type that appear in the same version. Both the C rand() function and the use of /dev/urandom have a common underlying result: insufficiently random data. Thus these 2 problems are the "same type" and should be combined. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0951 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0951 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20011207 UDP DoS attack in Win2k via IKE Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100774842520403&w=2 Reference: BUGTRAQ:20011211 UDP DoS attack in Win2k via IKE Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100813081913496&w=2 Reference: XF:win2k-ike-dos(7667) Reference: URL:http://xforce.iss.net/static/7667.php Reference: BID:3652 Reference: URL:http://www.securityfocus.com/bid/3652 Windows 2000 allows remote attackers to cause a denial of service (high CPU usage) by flooding Internet Key Exchange (IKE) UDP port 500 with packets that contain a large number of dots. Analysis ---------------- ED_PRI CAN-2001-0951 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0952 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0952 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20011207 Red Faction Server/Client DOS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100774266027774&w=2 Reference: XF:red-faction-udp-dos(7672) Reference: URL:http://xforce.iss.net/static/7672.php Reference: BID:3651 Reference: URL:http://www.securityfocus.com/bid/3651 THQ Volition Red Faction Game allows remote attackers to cause a denial of service (hang) of a client or server via packets to UDP port 7755. Analysis ---------------- ED_PRI CAN-2001-0952 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0953 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0953 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20011208 kebi-Webmail Solution vulnerability (Tested) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100780264902037&w=2:1 Reference: XF:kebi-webmail-admin-dir-access(7674) Reference: URL:http://xforce.iss.net/static/7674.php Reference: BID:3655 Reference: URL:http://www.securityfocus.com/bid/3655 Kebi WebMail allows remote attackers to access the administrator menu and gain privileges via the /a/ hidden directory, which is installed under the web document root. Analysis ---------------- ED_PRI CAN-2001-0953 3 Vendor Acknowledgement: unknown foreign Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS:
|
||||
